Re: retrieving gpg-keys

To: mutt-users@xxxxxxxx
Subject: Re: retrieving gpg-keys
From: "Stewart V. Wright" <svwright+lists@xxxxxxxxxxxxxx>
Date: Sun, 7 Nov 2004 18:06:40 -0600
In-reply-to: <20041107212624.GQ3969@xxxxxxxxxxxx>
List-unsubscribe: <mailto:mutt-users-request@mutt.org?body=unsubscribe>
Mail-followup-to: mutt-users@xxxxxxxx
References: <20041107114633.GD3969@xxxxxxxxxxxx> <20041107152940.GA31853@xxxxxxxxxxxxxxxxxxx> <20041107160415.GJ3969@xxxxxxxxxxxx> <20041107181647.GB23671@xxxxxxx> <20041107212624.GQ3969@xxxxxxxxxxxx>
Sender: owner-mutt-users@xxxxxxxx
User-agent: Mutt/1.5.6i

G'day Jens,

* Jens Kubieziel <mutt-user@xxxxxxxxxxxx> [041107 15:30]:
> * Stewart V. Wright schrieb am 2004-11-07 um 19:16 Uhr:
> > * Jens Kubieziel <mutt-user@xxxxxxxxxxxx> [041107 10:10]:
> > > I use random.sks.keyserver.penguin.de or subkeys.pgp.net as keyserver
> > > and auto-key-retrieve is set. However it doesn't seem to work.
> > 
> > Big hint here... RTFM for GnuPG.  auto-key-retrieve is described as:
> >         This option enables  the  automatic  retrieving  of
> >         keys  from  a  keyserver  when verifying signatures
> >         made by keys that are not on the local keyring.
> 
> Argl, I read over the "verifying signatures"-part.

Easily done.

> Maybe I didn't made myself clear. I don't want to query a keyserver for
> each mail I write. It should only happen when I want to write an
> encrypted mail *and* don't have the others key in my keyring.

Ah, apologies.  I see that you've actually thought this through (at least more 
than I usually do before posting a message! :-) )

> > The second major problem is the security aspect.  Having a key listed on 
> > one of the key servers means NOTHING.  There is no guarantee that a key 
> > that is listed as belonging to yourfriend@xxxxxxxxxxxx has anything to do 
> > with that person.  The security in Open-PGP comes from the Web of Trust - 
> 
> ACK.  But assume I want to write a mail to RMS. He is actually not in my
> keyring, but when calculating the path to him
> (<URL:http://webware.lysator.liu.se/jc/wotsap/?top=0x135EA668&bottom=0xEE0977E8>)
> I can be sure that 0x135EA668 is the right key. However in that (and
> case normally only then) I want to fetch the key from mutt.

Indeed.  I didn't realise that your key was as well connected as it is...  I 
guess the question now is, how does one code in the WoT into your key-getting 
gizmo?  You are one person away from RMS, but two away from me.  Is that close 
enough?  How about taking the sig types in to account?  I guess you should let 
gpg do that sort of leg work for you.

> Thanks for your hints. Maybe I will write something that solves that 
> problem.

Hmm...  A combination replacing your editor with a script that calls "gpg 
--search-keys" based on the To: CC: and BCC: lines and then opens an editor 
might be one way forward.

Please do post whatever you come up with - I'd like to see a solution.


Cheers,

S.

Attachment: signature.asc
Description: Digital signature

References:
- retrieving gpg-keys
  - From: Jens Kubieziel
- Re: retrieving gpg-keys
  - From: Robert Kowalski
- Re: retrieving gpg-keys
  - From: Jens Kubieziel
- Re: retrieving gpg-keys
  - From: Stewart V. Wright
- Re: retrieving gpg-keys
  - From: Jens Kubieziel

Prev by Date: Re: retrieving gpg-keys
Next by Date: Re: a news reader
Previous by thread: Re: retrieving gpg-keys
Next by thread: html mails as text in mutt
Index(es):
- Date
- Thread